cli

package

v0.0.0-...-d7c8067 Latest Latest Go to latest Published: Jun 21, 2019 License: MIT Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/stoggi/aws-oidc

Links

Open Source Insights

Documentation ¶

Index ¶

func AuthCommand(app *kingpin.Application, config *GlobalConfig, authConfig *AuthConfig)
func ConfigureAuth(app *kingpin.Application, config *GlobalConfig)
func ConfigureExec(app *kingpin.Application, config *GlobalConfig)
func ConfigureGlobal(app *kingpin.Application, config *GlobalConfig)
func ConfigureList(app *kingpin.Application, config *GlobalConfig)
func ConfigureLogin(app *kingpin.Application, config *GlobalConfig)
func ExecCommand(app *kingpin.Application, config *GlobalConfig, execConfig *ExecConfig)
func ListCommand(app *kingpin.Application, config *GlobalConfig, listConfig *ListConfig)
func LoginCommand(app *kingpin.Application, config *GlobalConfig, loginConfig *LoginConfig)
type AuthConfig
type AwsCredentialHelperData
type ExecConfig
type GlobalConfig
type ListConfig
type LoginConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AuthCommand ¶

func AuthCommand(app *kingpin.Application, config *GlobalConfig, authConfig *AuthConfig)

AuthCommand executes the authentication with the selected OpenIDConnect provider

func ConfigureAuth ¶

func ConfigureAuth(app *kingpin.Application, config *GlobalConfig)

ConfigureAuth configures the auth command with arguments and flags

func ConfigureExec ¶

func ConfigureExec(app *kingpin.Application, config *GlobalConfig)

ConfigureExec configures the exec command with arguments and flags

func ConfigureGlobal ¶

func ConfigureGlobal(app *kingpin.Application, config *GlobalConfig)

ConfigureGlobal application arguments and flags

func ConfigureList ¶

func ConfigureList(app *kingpin.Application, config *GlobalConfig)

ConfigureList configures the list command with arguments and flags

func ConfigureLogin ¶

func ConfigureLogin(app *kingpin.Application, config *GlobalConfig)

ConfigureLogin configures the login command with arguments and flags

func ExecCommand ¶

func ExecCommand(app *kingpin.Application, config *GlobalConfig, execConfig *ExecConfig)

ExecCommand retrieves temporary credentials and sets them as environment variables

func ListCommand ¶

func ListCommand(app *kingpin.Application, config *GlobalConfig, listConfig *ListConfig)

ListCommand retrieves the list of AWS roles that have trust policues that accept a given client_id

func LoginCommand ¶

func LoginCommand(app *kingpin.Application, config *GlobalConfig, loginConfig *LoginConfig)

LoginCommand exchanges temporary credentials for an AWS Console signin url https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html

Types ¶

type AuthConfig ¶

type AuthConfig struct {
	// The name of the provider when definied in the TOML configuration file
	Name string `toml:"name"`

	// RoleARN the role in AWS that should be assumed with the identity token
	RoleArn string `toml:"role_arn"`

	// Duration in seconds that the temporary AWS credentials should last for
	// Between 900 (15 minutes) and 43200 (12 hours)
	Duration int64 `toml:"duration"`

	// ProviderURL the endpoint that defines the OIDC provider.
	// Should serve https://[ProviderURL]/.well-known/openid-configuration
	ProviderURL string `toml:"provider_url"`

	// ClientID configured with your OIDC provider
	ClientID string `toml:"client_id"`

	// ClientSecret should only be specified if your OIDC provider requires it.
	// Normally with PKCE you don't require a client_secret.
	ClientSecret string `toml:"client_secret"`

	// DisablePKCE removes the code_challenge and code_verifier parameters of a
	// proof key for code exchange OAuth flow. Only disbale this if your identity
	// provider does not support PKCE.
	DisablePKCE bool `toml:"disable_pkce"`

	// DisableNonce removes a random nonce sent to the server, and added to the token
	// This nonce is verified when the token is received by the command line app.
	DisableNonce bool `toml:"disable_nonce"`

	// AgentCommand contains the command and arguments that open a browser. The URL
	// to be opened will be appended, or use a parameter of {} to substitute the URL.
	AgentCommand []string `toml:"agent"`
}

AuthConfig defines a single OpenIDConnect provider

type AwsCredentialHelperData ¶

type AwsCredentialHelperData struct {
	Version         int    `json:"Version"`
	AccessKeyID     string `json:"AccessKeyId"`
	SecretAccessKey string `json:"SecretAccessKey"`
	SessionToken    string `json:"SessionToken"`
	Expiration      string `json:"Expiration,omitempty"`
}

AwsCredentialHelperData for AWS credential process https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#sourcing-credentials-from-external-processes

type ExecConfig ¶

type ExecConfig struct {
	Profile string
	Command string
	Args    []string
	Signals chan os.Signal
}

ExecConfig stores the parameters needed for an exec command

type GlobalConfig ¶

type GlobalConfig struct {
	//Region in AWS used by KMSAuth and BLESS
	Region       string
	Profile      string
	AuthProvider []AuthConfig

	Session *session.Session
	Keyring *keyring.Keyring
}

GlobalConfig used for defaults and command line arguments

type ListConfig ¶

type ListConfig struct {
	ClientID string
	Claim    string
}

ListConfig stores the parameters needed for a List command

type LoginConfig ¶

type LoginConfig struct {
	Profile string
}

LoginConfig stores the parameters needed for an login command

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL